]> git.ipfire.org Git - thirdparty/kernel/stable.git/log
thirdparty/kernel/stable.git
2 years agowifi: ath11k: fix ath11k_mac_op_remain_on_channel() stack usage
Dmitry Antipov [Tue, 26 Sep 2023 04:29:04 +0000 (07:29 +0300)] 
wifi: ath11k: fix ath11k_mac_op_remain_on_channel() stack usage

When compiling with clang 16.0.6, I've noticed the following:

drivers/net/wireless/ath/ath11k/mac.c:8903:12: warning: stack frame
size (1032) exceeds limit (1024) in 'ath11k_mac_op_remain_on_channel'
[-Wframe-larger-than]
static int ath11k_mac_op_remain_on_channel(struct ieee80211_hw *hw,
           ^
68/1032 (6.59%) spills, 964/1032 (93.41%) variables

So switch to kzalloc()'ed instance of 'struct scan_req_params' like
it's done in 'ath11k_mac_op_hw_scan()'. Compile tested only.

Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230926042906.13725-1-dmantipov@yandex.ru
2 years agowifi: ath12k: add msdu_end structure for WCN7850
Kang Yang [Mon, 11 Sep 2023 09:30:54 +0000 (17:30 +0800)] 
wifi: ath12k: add msdu_end structure for WCN7850

WCN7850 and QCN9274 currently use the same structure rx_msdu_end_qcn9274
for msdu_end. But content of msdu_end on WCN7850 is different from that of
QCN9274. Need to update it for WCN7850, otherwise will get the wrong
values when using it.

For example, TID is no longer in WCN7850's msdu_end. But
ath12k_dp_rx_process_err() and ath12k_dp_rx_process_wbm_err() still get
TID from msdu_end. So an uncertain value will be used in these two
functions on WCN7850.

Therefore, add new structure rx_msdu_end_wcn7850 for WCN7850.

Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4

Signed-off-by: Kang Yang <quic_kangyang@quicinc.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230911093054.74943-1-quic_kangyang@quicinc.com
2 years agowifi: ath12k: Set default beacon mode to burst mode
Sidhanta Sahu [Tue, 5 Sep 2023 21:39:43 +0000 (14:39 -0700)] 
wifi: ath12k: Set default beacon mode to burst mode

Currently, firmware does not like when beacon mode is set as staggered
mode for more than one beaconing vifs. Beacon mode for multiple
beaconing (transmitted) vifs are expected to be in burst mode. So set
beacon mode to burst mode by default.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1

Signed-off-by: Sidhanta Sahu <quic_sidhanta@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230905213943.12275-1-quic_sidhanta@quicinc.com
2 years agowifi: ath12k: call ath12k_mac_fils_discovery() without condition
Aloka Dixit [Tue, 5 Sep 2023 17:43:24 +0000 (10:43 -0700)] 
wifi: ath12k: call ath12k_mac_fils_discovery() without condition

Mac80211 does not set flags BSS_CHANGED_FILS_DISCOVERY and
BSS_CHANGED_UNSOL_BCAST_PROBE_RESP if there are no updates to
FILS discovery and unsolicited broadcast probe response transmission
configurations respectively. For BSS change operations such as channel
switch, this results in the transmissions getting stopped because the
driver does not send WMI command to firmware if the flags are not set.
Remove the checks for the flags to always send the existing
configuration to firmware.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230905174324.25296-1-quic_alokad@quicinc.com
2 years agowifi: ath11k: remove unnecessary (void*) conversions
Wu Yunchuan [Thu, 21 Sep 2023 08:50:05 +0000 (11:50 +0300)] 
wifi: ath11k: remove unnecessary (void*) conversions

No need cast (void *) to (struct ath11k_base *),
struct hal_rx_msdu_link *), (struct ath11k_buffer_addr *) or
other types.

Signed-off-by: Wu Yunchuan <yunchuan@nfschina.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230919045150.524304-1-yunchuan@nfschina.com
2 years agowifi: ath12k: enable IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS for WCN7850
Wen Gong [Wed, 13 Sep 2023 10:55:07 +0000 (06:55 -0400)] 
wifi: ath12k: enable IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS for WCN7850

Currently mac80211 will send 3 scan request for each scan of WCN7850, they
are 2.4 GHz/5 GHz/6 GHz band scan. Firmware of WCN7850 will cache the RNR
IE(Reduced Neighbor Report element) which exist in the beacon of 2.4 GHz/5
GHz of the AP which is co-located with 6 GHz, and then use the cache to
scan in 6 GHz band scan if the 6 GHz scan is in the same scan with the 2.4
GHz/5 GHz band, this will helpful to search more AP of 6 GHz. Also it will
decrease the time cost of scan because firmware will use dual-band scan
for the 2.4 GHz/5 GHz, it means the 2.4 GHz and 5 GHz scans are doing
simultaneously.

Set the flag IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS for WCN7850 since it
supports 2.4 GHz/5 GHz/6 GHz in a single wiphy/ieee80211_hw.

This does not impact QCN9274, because it is not single_phy, so does not
have 2.4 GHz/5 GHz/6 GHz in the same wiphy, then it does not match the
condition and then IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS will not set for
QCN9274.

Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4

Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230913105507.17675-1-quic_wgong@quicinc.com
2 years agowifi: ath12k: change to treat alpha code na as world wide regdomain
Wen Gong [Wed, 6 Sep 2023 09:03:55 +0000 (05:03 -0400)] 
wifi: ath12k: change to treat alpha code na as world wide regdomain

Some firmware versions for WCN7850 report the default regdomain with
alpha code "na" by default when load as a world wide regdomain,
ath12k should treat it as a world wide alpha code.

Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4

Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230906090355.19181-1-quic_wgong@quicinc.com
2 years agowifi: ath12k: indicate scan complete for scan canceled when scan running
Wen Gong [Wed, 6 Sep 2023 08:57:46 +0000 (04:57 -0400)] 
wifi: ath12k: indicate scan complete for scan canceled when scan running

ath12k prints "Received scan event for unknown vdev" when doing the
following test:
1. trigger scan
2. wait 0.2 second
3. iw reg set is issued or 11d scan complete event is sent from firmware

Reason is:
When iw reg set is issues or the 11d scan complete event is received, the
new country code will be set to the firmware, and the new regdomain info
indicated to ath12k, then the new channel list will be sent to the firmware.
The firmware will cancel the current scan after receiving WMI_SCAN_CHAN_LIST_CMDID
which is used for the new channel list, and the state of ath12k is
ATH12K_SCAN_RUNNING, then ath12k_get_ar_on_scan_abort() returns NULL and
ath12k_scan_event() returns at this point and does not indicate scan
completion to mac80211.

Indicate scan completion to mac80211 and get rid of the "Received scan
event for unknown vdev" print for the above case.

Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4

Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230906085746.18968-1-quic_wgong@quicinc.com
2 years agowifi: ath12k: indicate to mac80211 scan complete with aborted flag for ATH12K_SCAN_ST...
Wen Gong [Tue, 5 Sep 2023 10:59:47 +0000 (06:59 -0400)] 
wifi: ath12k: indicate to mac80211 scan complete with aborted flag for ATH12K_SCAN_STARTING state

Scan failure can not be recovered from when running a loop of the
following steps:
1. run scan: "iw wlan scan".
2. run command: echo assert > /sys/kernel/debug/ath12k/wcn7850\ hw2.0/simulate_fw_crash
   immediately after step 1.

result:
scan failed and can not recover even when wlan recovery succeeds:
command failed: Device or resource busy (-16)

reason:
When scan arrives, WMI_START_SCAN_CMDID is sent to the firmware and
function ath12k_mac_op_hw_scan() returns, then simulate_fw_crash arrives
and the scan started event does not arrive, and then it starts to do
recovery of wlan. __ath12k_mac_scan_finish() which is called from
ath12k_core_halt() is one step of recovery, it will not call
ieee80211_scan_completed() by logic currently because the scan state is
ATH12K_SCAN_STARTING. Thus it leads the scan not being completed in
mac80211, and leads all consecutive scans failing with -EBUSY in
nl80211_trigger_scan even after wlan recovery success.

Indicate scan complete with aborted flag to mac80211 for
ATH12K_SCAN_STARTING to allow recovery from scan failed with "Device or
resource busy (-16)" after wlan recovery.

Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4

Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230905105947.10369-1-quic_wgong@quicinc.com
2 years agowifi: ath12k: fix recovery fail while firmware crash when doing channel switch
Wen Gong [Tue, 5 Sep 2023 10:52:29 +0000 (06:52 -0400)] 
wifi: ath12k: fix recovery fail while firmware crash when doing channel switch

When firmware crashed while channel switch running, recovery starts in
ath12k. Then ieee80211_sta_connection_lost() will be called by function
ieee80211_restart_work() in mac80211. And then many WMI command timeout
because firmware is crashed. Each WMI command cost 3 seconds, then the
total time will be large and leads recovery fail.

Hence change to set value ATH12K_FLAG_CRASH_FLUSH early and then
ath12k_wmi_cmd_send() will not wait 3 seconds, then recovery will be
started quickly and success.

Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4

Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230905105229.10090-1-quic_wgong@quicinc.com
2 years agowifi: ath12k: add support for hardware rfkill for WCN7850
Lingbo Kong [Wed, 6 Sep 2023 11:04:12 +0000 (19:04 +0800)] 
wifi: ath12k: add support for hardware rfkill for WCN7850

When hardware rfkill is enabled in the firmware, it will report the
capability using WMI_SYS_CAP_INFO_RFKILL bit in the WMI_SERVICE_READY event
to the host. Currently ath12k does not process this service capability. In
order to support this, update ath12k to check if the capability is enabled,
if so, send the GPIO information to firmware. When the firmware detects
hardware rfkill is enabled by the user, it will report it using
WMI_RFKILL_STATE_CHANGE_EVENTID. When ath12k receive the event, it will set
the value of rfkill_radio_on based on whether radio_state is equal to
WMI_RFKILL_RADIO_STATE_ON, then send WMI_PDEV_PARAM_RFKILL_ENABLE to
firmware.

Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4

Signed-off-by: Lingbo Kong <quic_lingbok@quicinc.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230906110412.182176-1-quic_lingbok@quicinc.com
2 years agowifi: ath11k: use kstrtoul_from_user() where appropriate
Dmitry Antipov [Thu, 21 Sep 2023 08:16:57 +0000 (11:16 +0300)] 
wifi: ath11k: use kstrtoul_from_user() where appropriate

Use 'kstrtoul_from_user()' in 'ath11k_write_file_spectral_count()'
and 'ath11k_write_file_spectral_bins()'

Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230824075121.121144-4-dmantipov@yandex.ru
2 years agowifi: ath11k: remove unused members of 'struct ath11k_base'
Dmitry Antipov [Thu, 24 Aug 2023 07:50:45 +0000 (10:50 +0300)] 
wifi: ath11k: remove unused members of 'struct ath11k_base'

Remove set but otherwise unused 'wlan_init_status' and
'wmi_ready' members of 'struct ath11k_base', adjust
'ath11k_wmi_tlv_rdy_parse()' accordingly.

Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230824075121.121144-2-dmantipov@yandex.ru
2 years agowifi: ath11k: drop redundant check in ath11k_dp_rx_mon_dest_process()
Dmitry Antipov [Thu, 24 Aug 2023 07:50:44 +0000 (10:50 +0300)] 
wifi: ath11k: drop redundant check in ath11k_dp_rx_mon_dest_process()

In 'ath11k_dp_rx_mon_dest_process()', 'mon_dst_srng' points to
a member of 'srng_list', which is a fixed-size array inside
'struct ath11k_hal'. This way, if 'ring_id' is valid (i. e.
between 0 and HAL_SRNG_RING_ID_MAX - 1 inclusive), 'mon_dst_srng'
can't be NULL and so relevant check may be dropped.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230824075121.121144-1-dmantipov@yandex.ru
2 years agowifi: ath11k: drop NULL pointer check in ath11k_update_per_peer_tx_stats()
Dmitry Antipov [Wed, 6 Sep 2023 09:36:55 +0000 (12:36 +0300)] 
wifi: ath11k: drop NULL pointer check in ath11k_update_per_peer_tx_stats()

Since 'user_stats' is a fixed-size array of 'struct htt_ppdu_user_stats'
in 'struct htt_ppdu_stats', any of its member can't be NULL and so
relevant check may be dropped.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230906093704.14001-1-dmantipov@yandex.ru
2 years agowifi: ath11k: fix boot failure with one MSI vector
Baochen Qiang [Thu, 7 Sep 2023 01:56:06 +0000 (09:56 +0800)] 
wifi: ath11k: fix boot failure with one MSI vector

Commit 5b32b6dd96633 ("ath11k: Remove core PCI references from
PCI common code") breaks with one MSI vector because it moves
affinity setting after IRQ request, see below log:

[ 1417.278835] ath11k_pci 0000:02:00.0: failed to receive control response completion, polling..
[ 1418.302829] ath11k_pci 0000:02:00.0: Service connect timeout
[ 1418.302833] ath11k_pci 0000:02:00.0: failed to connect to HTT: -110
[ 1418.303669] ath11k_pci 0000:02:00.0: failed to start core: -110

The detail is, if do affinity request after IRQ activated,
which is done in request_irq(), kernel caches that request and
returns success directly. Later when a subsequent MHI interrupt is
fired, kernel will do the real affinity setting work, as a result,
changs the MSI vector. However at that time host has configured
old vector to hardware, so host never receives CE or DP interrupts.

Fix it by setting affinity before registering MHI controller
where host is, for the first time, doing IRQ request.

Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3
Tested-on: WCN6855 hw2.1 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23
Tested-on: WCN6750 hw1.0 AHB WLAN.MSL.1.0.1-01160-QCAMSLSWPLZ-1

Fixes: 5b32b6dd9663 ("ath11k: Remove core PCI references from PCI common code")
Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230907015606.16297-1-quic_bqiang@quicinc.com
2 years agowifi: ath10k: drop HTT_DATA_TX_STATUS_DOWNLOAD_FAIL
Dmitry Antipov [Thu, 14 Sep 2023 16:07:03 +0000 (19:07 +0300)] 
wifi: ath10k: drop HTT_DATA_TX_STATUS_DOWNLOAD_FAIL

According to Jeff, 'HTT_DATA_TX_STATUS_DOWNLOAD_FAIL' from
'enum htt_data_tx_status' is never actually used by the
firmware code and so may be dropped, with the related
adjustment to 'ath10k_htt_rx_tx_compl_ind()'.

Suggested-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230914160744.155903-1-dmantipov@yandex.ru
2 years agowifi: ath10k: Annotate struct ath10k_ce_ring with __counted_by
Kees Cook [Fri, 15 Sep 2023 20:06:36 +0000 (13:06 -0700)] 
wifi: ath10k: Annotate struct ath10k_ce_ring with __counted_by

Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).

As found with Coccinelle[1], add __counted_by for struct ath10k_ce_ring.

[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci

Cc: Kalle Valo <kvalo@kernel.org>
Cc: Jeff Johnson <quic_jjohnson@quicinc.com>
Cc: ath10k@lists.infradead.org
Cc: linux-wireless@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230915200636.never.762-kees@kernel.org
2 years agowifi: wcn36xx: Annotate struct wcn36xx_hal_ind_msg with __counted_by
Kees Cook [Fri, 15 Sep 2023 20:06:27 +0000 (13:06 -0700)] 
wifi: wcn36xx: Annotate struct wcn36xx_hal_ind_msg with __counted_by

Prepare for the coming implementation by GCC and Clang of the __counted_by
attribute. Flexible array members annotated with __counted_by can have
their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
(for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
functions).

As found with Coccinelle[1], add __counted_by for struct wcn36xx_hal_ind_msg.

[1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci

Cc: Loic Poulain <loic.poulain@linaro.org>
Cc: Kalle Valo <kvalo@kernel.org>
Cc: wcn36xx@lists.infradead.org
Cc: linux-wireless@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230915200622.never.820-kees@kernel.org
2 years agowifi: ath12k: Remove unnecessary (void*) conversions
Wu Yunchuan [Tue, 19 Sep 2023 04:51:42 +0000 (12:51 +0800)] 
wifi: ath12k: Remove unnecessary (void*) conversions

No need cast (void*) to (struct hal_rx_ppdu_end_user_stats *),
(struct ath12k_rx_desc_info *) or (struct hal_tx_msdu_ext_desc *).
Change the prototype to remove the local variable.

Signed-off-by: Wu Yunchuan <yunchuan@nfschina.com>
Suggested-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230919045142.524226-1-yunchuan@nfschina.com
2 years agowifi: ath10k: Remove unnecessary (void*) conversions
Wu Yunchuan [Tue, 19 Sep 2023 04:50:56 +0000 (12:50 +0800)] 
wifi: ath10k: Remove unnecessary (void*) conversions

No need cast (void*) to (struct htt_rx_ring_setup_ring32 *),
(struct htt_rx_ring_setup_ring64 *). Change the prototype to
remove the local variable.

Signed-off-by: Wu Yunchuan <yunchuan@nfschina.com>
Suggested-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230919045056.523958-1-yunchuan@nfschina.com
2 years agowifi: ath6kl: remove unnecessary (void*) conversions
Wu Yunchuan [Tue, 19 Sep 2023 04:50:08 +0000 (12:50 +0800)] 
wifi: ath6kl: remove unnecessary (void*) conversions

No need cast (void *) to (struct ath6kl *) or
(struct ath6kl_cookie *).

Signed-off-by: Wu Yunchuan <yunchuan@nfschina.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230919045008.523730-1-yunchuan@nfschina.com
2 years agowifi: ath5k: remove unnecessary (void*) conversions
Wu Yunchuan [Tue, 19 Sep 2023 04:49:59 +0000 (12:49 +0800)] 
wifi: ath5k: remove unnecessary (void*) conversions

No need cast (void *) to (struct ath5k_hw *).

Signed-off-by: Wu Yunchuan <yunchuan@nfschina.com>
Reviewed-by: Jiri Slaby <jirislaby@kernel.org>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230919044959.523576-1-yunchuan@nfschina.com
2 years agowifi: wcn36xx: remove unnecessary (void*) conversions
Wu Yunchuan [Tue, 19 Sep 2023 04:49:25 +0000 (12:49 +0800)] 
wifi: wcn36xx: remove unnecessary (void*) conversions

No need cast (void *) to other types such as (struct wcn36xx *),
(struct wcn36xx_hal_update_scan_params_resp *), etc.

Signed-off-by: Wu Yunchuan <yunchuan@nfschina.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230919044925.523403-1-yunchuan@nfschina.com
2 years agowifi: ar5523: Remove unnecessary (void*) conversions
Wu Yunchuan [Tue, 19 Sep 2023 04:49:06 +0000 (12:49 +0800)] 
wifi: ar5523: Remove unnecessary (void*) conversions

No need cast (void*) to (struct ar5523_cmd_hdr *).

Signed-off-by: Wu Yunchuan <yunchuan@nfschina.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230919044906.523189-1-yunchuan@nfschina.com
2 years agowifi: ath9k: clean up function ath9k_hif_usb_resume
Dongliang Mu [Tue, 5 Sep 2023 01:35:56 +0000 (09:35 +0800)] 
wifi: ath9k: clean up function ath9k_hif_usb_resume

In ath9k_hif_usb_resume, the error handling code calls
ath9k_hif_usb_dealloc_urbs twice in different paths.

To unify the error handling code, we move the else branch before
the if branch and drop one level of indentation of the if branch.

In addition, move the ret variable at the end of variable declarations
to be reverse x-mas tree order.

Note that this patch does not incur any functionability change.

Signed-off-by: Dongliang Mu <dzm91@hust.edu.cn>
Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230905013556.2595854-1-dzm91@hust.edu.cn
2 years agowifi: ath12k: fix DMA unmap warning on NULL DMA address
Baochen Qiang [Wed, 20 Sep 2023 13:43:42 +0000 (16:43 +0300)] 
wifi: ath12k: fix DMA unmap warning on NULL DMA address

In ath12k_dp_tx(), if we reach fail_dma_unmap due to some errors,
current code does DMA unmap unconditionally on skb_cb->paddr_ext_desc.
However, skb_cb->paddr_ext_desc may be NULL and thus we get below
warning:

kernel: [ 8887.076212] WARNING: CPU: 3 PID: 0 at drivers/iommu/dma-iommu.c:1077 iommu_dma_unmap_page+0x79/0x90

Fix it by checking skb_cb->paddr_ext_desc before unmap it.

Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4

Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices")
Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230830021131.5610-1-quic_bqiang@quicinc.com
2 years agowifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps()
Baochen Qiang [Wed, 20 Sep 2023 13:43:42 +0000 (16:43 +0300)] 
wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps()

reg_cap.phy_id is extracted from WMI event and could be an unexpected value
in case some errors happen. As a result out-of-bound write may occur to
soc->hal_reg_cap. Fix it by validating reg_cap.phy_id before using it.

This is found during code review.

Compile tested only.

Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230830020716.5420-1-quic_bqiang@quicinc.com
2 years agowifi: ath10k: fix clang-specific fortify warning
Dmitry Antipov [Tue, 29 Aug 2023 09:36:02 +0000 (12:36 +0300)] 
wifi: ath10k: fix clang-specific fortify warning

When compiling with clang 16.0.6 and CONFIG_FORTIFY_SOURCE=y, I've
noticed the following (somewhat confusing due to absence of an actual
source code location):

In file included from drivers/net/wireless/ath/ath10k/debug.c:8:
In file included from ./include/linux/module.h:13:
In file included from ./include/linux/stat.h:19:
In file included from ./include/linux/time.h:60:
In file included from ./include/linux/time32.h:13:
In file included from ./include/linux/timex.h:67:
In file included from ./arch/x86/include/asm/timex.h:5:
In file included from ./arch/x86/include/asm/processor.h:23:
In file included from ./arch/x86/include/asm/msr.h:11:
In file included from ./arch/x86/include/asm/cpumask.h:5:
In file included from ./include/linux/cpumask.h:12:
In file included from ./include/linux/bitmap.h:11:
In file included from ./include/linux/string.h:254:
./include/linux/fortify-string.h:592:4: warning: call to '__read_overflow2_field'
declared with 'warning' attribute: detected read beyond size of field (2nd
parameter); maybe use struct_group()? [-Wattribute-warning]
                        __read_overflow2_field(q_size_field, size);

The compiler actually complains on 'ath10k_debug_get_et_strings()' where
fortification logic inteprets call to 'memcpy()' as an attempt to copy
the whole 'ath10k_gstrings_stats' array from it's first member and so
issues an overread warning. This warning may be silenced by passing
an address of the whole array and not the first member to 'memcpy()'.

Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230829093652.234537-1-dmantipov@yandex.ru
2 years agowifi: ath11k: add chip id board name while searching board-2.bin for WCN6855
Wen Gong [Wed, 30 Aug 2023 06:02:26 +0000 (02:02 -0400)] 
wifi: ath11k: add chip id board name while searching board-2.bin for WCN6855

Sometimes board-2.bin does not have the board data which matched the
parameters such as bus type, vendor, device, subsystem-vendor,
subsystem-device, qmi-chip-id and qmi-board-id, then wlan will load fail.

Hence add another type which only matches the bus type and qmi-chip-id,
then the ratio of missing board data reduced.

Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23

Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230830060226.18664-1-quic_wgong@quicinc.com
2 years agowifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats()
Baochen Qiang [Fri, 1 Sep 2023 01:56:02 +0000 (09:56 +0800)] 
wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats()

len is extracted from HTT message and could be an unexpected value in
case errors happen, so add validation before using to avoid possible
out-of-bound read in the following message iteration and parsing.

The same issue also applies to ppdu_info->ppdu_stats.common.num_users,
so validate it before using too.

These are found during code review.

Compile test only.

Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230901015602.45112-1-quic_bqiang@quicinc.com
2 years agowifi: ath12k: change to initialize recovery variables earlier in ath12k_core_reset()
Wen Gong [Wed, 30 Aug 2023 06:08:50 +0000 (02:08 -0400)] 
wifi: ath12k: change to initialize recovery variables earlier in ath12k_core_reset()

Sometimes device recovery fail with this operation.
Run test command for many times:
echo assert > /sys/kernel/debug/ath12k/wcn7850\ hw2.0_0000\:03\:00.0/simulate_fw_crash

While recovery start, ath12k_core_post_reconfigure_recovery() will
call ieee80211_restart_hw(), and the restart_work which queued by
ieee80211_restart_hw() is running in another thread, it will call
into ath12k_mac_op_start() and ath12k_mac_wait_reconfigure(), and
the variables ab->recovery_start_count and ab->recovery_start is used
in ath12k_mac_wait_reconfigure(), so ath12k need to initialize the
variables before queue the restart_work, otherwise ath12k_mac_wait_reconfigure()
maybe use the un-initialized variables. Change to initialize the 2
variables earlier and then recovery process become correct.

Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4

Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230830060850.18881-1-quic_wgong@quicinc.com
2 years agowifi: ath12k: enable 320 MHz bandwidth for 6 GHz band in EHT PHY capability for WCN7850
Wen Gong [Mon, 28 Aug 2023 04:04:20 +0000 (00:04 -0400)] 
wifi: ath12k: enable 320 MHz bandwidth for 6 GHz band in EHT PHY capability for WCN7850

320 MHz bandwidth is reported only for single PHY mode for WCN7850, get it
from WMI_HOST_HW_MODE_SINGLE ath12k_wmi_caps_ext_params and report it for
6 GHz band.

After this patch, "iw list" shows 320 MHz support for WCN7850:

EHT Iftypes: managed
        EHT PHY Capabilities: (0xe26f090010768800):
                320MHz in 6GHz Supported
        EHT bw=320 MHz, max NSS for MCS 8-9: Rx=0, Tx=0
        EHT bw=320 MHz, max NSS for MCS 10-11: Rx=0, Tx=0
        EHT bw=320 MHz, max NSS for MCS 12-13: Rx=0, Tx=0

Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4

Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230828040420.2165-1-quic_wgong@quicinc.com
2 years agowifi: ath9k: fix clang-specific fortify warnings
Dmitry Antipov [Tue, 29 Aug 2023 09:38:12 +0000 (12:38 +0300)] 
wifi: ath9k: fix clang-specific fortify warnings

When compiling with clang 16.0.6 and CONFIG_FORTIFY_SOURCE=y, I've
noticed the following (somewhat confusing due to absence of an actual
source code location):

In file included from drivers/net/wireless/ath/ath9k/debug.c:17:
In file included from ./include/linux/slab.h:16:
In file included from ./include/linux/gfp.h:7:
In file included from ./include/linux/mmzone.h:8:
In file included from ./include/linux/spinlock.h:56:
In file included from ./include/linux/preempt.h:79:
In file included from ./arch/x86/include/asm/preempt.h:9:
In file included from ./include/linux/thread_info.h:60:
In file included from ./arch/x86/include/asm/thread_info.h:53:
In file included from ./arch/x86/include/asm/cpufeature.h:5:
In file included from ./arch/x86/include/asm/processor.h:23:
In file included from ./arch/x86/include/asm/msr.h:11:
In file included from ./arch/x86/include/asm/cpumask.h:5:
In file included from ./include/linux/cpumask.h:12:
In file included from ./include/linux/bitmap.h:11:
In file included from ./include/linux/string.h:254:
./include/linux/fortify-string.h:592:4: warning: call to '__read_overflow2_field'
declared with 'warning' attribute: detected read beyond size of field (2nd
parameter); maybe use struct_group()? [-Wattribute-warning]
                        __read_overflow2_field(q_size_field, size);

In file included from drivers/net/wireless/ath/ath9k/htc_drv_debug.c:17:
In file included from drivers/net/wireless/ath/ath9k/htc.h:20:
In file included from ./include/linux/module.h:13:
In file included from ./include/linux/stat.h:19:
In file included from ./include/linux/time.h:60:
In file included from ./include/linux/time32.h:13:
In file included from ./include/linux/timex.h:67:
In file included from ./arch/x86/include/asm/timex.h:5:
In file included from ./arch/x86/include/asm/processor.h:23:
In file included from ./arch/x86/include/asm/msr.h:11:
In file included from ./arch/x86/include/asm/cpumask.h:5:
In file included from ./include/linux/cpumask.h:12:
In file included from ./include/linux/bitmap.h:11:
In file included from ./include/linux/string.h:254:
./include/linux/fortify-string.h:592:4: warning: call to '__read_overflow2_field'
declared with 'warning' attribute: detected read beyond size of field (2nd
parameter); maybe use struct_group()? [-Wattribute-warning]
                        __read_overflow2_field(q_size_field, size);

The compiler actually complains on 'ath9k_get_et_strings()' and
'ath9k_htc_get_et_strings()' due to the same reason: fortification logic
inteprets call to 'memcpy()' as an attempt to copy the whole array from
it's first member and so issues an overread warning. These warnings may
be silenced by passing an address of the whole array and not the first
member to 'memcpy()'.

Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230829093856.234584-1-dmantipov@yandex.ru
2 years agowifi: ath9k: use u32 for txgain indexes
Dmitry Antipov [Wed, 23 Aug 2023 18:23:34 +0000 (21:23 +0300)] 
wifi: ath9k: use u32 for txgain indexes

Since both 'ar9550_hw_get_modes_txgain_index()' and
'ar9561_hw_get_modes_txgain_index()' never returns
negative values, prefer 'u32' over 'int' and adjust
'ar9003_hw_process_ini()' accordingly.

Suggested-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Reviewed-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230823182401.196270-2-dmantipov@yandex.ru
2 years agowifi: ath9k: simplify ar9003_hw_process_ini()
Dmitry Antipov [Wed, 23 Aug 2023 18:23:33 +0000 (21:23 +0300)] 
wifi: ath9k: simplify ar9003_hw_process_ini()

Since commit 8896934c1684 ("ath9k_hw: remove direct accesses to channel
mode flags") changes 'ar9550_hw_get_modes_txgain_index()' so it never
returns -EINVAL, and 'ar9561_hw_get_modes_txgain_index()' never returns
negative value too, an extra check in 'ar9003_hw_process_ini()' may be
dropped.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Reviewed-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230823182401.196270-1-dmantipov@yandex.ru
2 years agowifi: ath12k: fix radar detection in 160 MHz
Manish Dharanenthiran [Tue, 5 Sep 2023 13:29:41 +0000 (16:29 +0300)] 
wifi: ath12k: fix radar detection in 160 MHz

Radar detection fails in the secondary 80 MHz when the
the AP's primary 80 MHz is in non-DFS region in 160 MHz.

This is due to WMI channel flag WMI_CHAN_INFO_DFS_FREQ2 is not set
properly in case of the primary 80 MHz is in non-DFS region.
HALPHY detects the radar pulses in the secondary 80 MHz only when
WMI_CHAN_INFO_DFS_FREQ2 is set.

Fix this issue by setting WMI channel flag WMI_CHAN_INFO_DFS_FREQ2
based on the radar_enabled flag from the channel context.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1

Signed-off-by: Manish Dharanenthiran <quic_mdharane@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230802085852.19821-3-quic_mdharane@quicinc.com
2 years agowifi: ath12k: fix WARN_ON during ath12k_mac_update_vif_chan
Manish Dharanenthiran [Tue, 5 Sep 2023 13:29:41 +0000 (16:29 +0300)] 
wifi: ath12k: fix WARN_ON during ath12k_mac_update_vif_chan

Fix WARN_ON() from ath12k_mac_update_vif_chan() if vdev is not up.
Since change_chanctx can be called even before vdev_up.

Do vdev stop followed by a vdev start in case of vdev is down.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0-02903-QCAHKSWPL_SILICONZ-1

Signed-off-by: Manish Dharanenthiran <quic_mdharane@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230802085852.19821-2-quic_mdharane@quicinc.com
2 years agowifi: ath11k: fix tid bitmap is 0 in peer rx mu stats
Muna Sinada [Sat, 26 Aug 2023 05:42:46 +0000 (08:42 +0300)] 
wifi: ath11k: fix tid bitmap is 0 in peer rx mu stats

Correct parsing of reading offset for rx tid 16 bit bitmap. Incorrect
offset caused peer rx mu stats tid bitmap to always be zero. This
correction is in the software context and does not affect the
firmware interface.

Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.4.0.1-00356-QCAHKSWPL_SILICONZ-1

Signed-off-by: Muna Sinada <quic_msinada@quicinc.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/1692827868-15667-2-git-send-email-quic_msinada@quicinc.com
2 years agowifi: ath11k: move references from rsvd2 to info fields
Muna Sinada [Sat, 26 Aug 2023 05:42:46 +0000 (08:42 +0300)] 
wifi: ath11k: move references from rsvd2 to info fields

Remove references to reserved fields and add new info fields for
struct hal_rx_ppdu_end_user_stats. Reserved fields should not be
accessed, therefore existing references to it are to be changed to
referencing specific info fields.

Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.4.0.1-00356-QCAHKSWPL_SILICONZ-1

Signed-off-by: Muna Sinada <quic_msinada@quicinc.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/1692827868-15667-1-git-send-email-quic_msinada@quicinc.com
2 years agowifi: ath12k: fix undefined behavior with __fls in dp
Harshitha Prem [Sat, 26 Aug 2023 05:42:44 +0000 (08:42 +0300)] 
wifi: ath12k: fix undefined behavior with __fls in dp

When max virtual ap interfaces are configured in all the bands
with ACS and hostapd restart is done every 60s,
a crash is observed at random times because of handling the
uninitialized peer fragments with fragment id of packet as 0.

"__fls" would have an undefined behavior if the argument is passed
as "0". Hence, added changes to handle the same.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1

Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices")
Signed-off-by: Harshitha Prem <quic_hprem@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230821130343.29495-3-quic_hprem@quicinc.com
2 years agowifi: ath12k: Ignore fragments from uninitialized peer in dp
Harshitha Prem [Sat, 26 Aug 2023 05:42:43 +0000 (08:42 +0300)] 
wifi: ath12k: Ignore fragments from uninitialized peer in  dp

When max virtual ap interfaces are configured in all the bands with
ACS and hostapd restart is done every 60s, a crash is observed at
random times.

In the above scenario, a fragmented packet is received for self peer,
for which rx_tid and rx_frags are not initialized in datapath.
While handling this fragment, crash is observed as the rx_frag list
is uninitialized and when we walk in ath12k_dp_rx_h_sort_frags,
skb null leads to exception.

To address this, before processing received fragments we check
dp_setup_done flag is set to ensure that peer has completed its
dp peer setup for fragment queue, else ignore processing the
fragments.

Call trace:
    PC points to "ath12k_dp_process_rx_err+0x4e8/0xfcc [ath12k]"
    LR points to "ath12k_dp_process_rx_err+0x480/0xfcc [ath12k]".
    The Backtrace obtained is as follows:
    ath12k_dp_process_rx_err+0x4e8/0xfcc [ath12k]
    ath12k_dp_service_srng+0x78/0x260 [ath12k]
    ath12k_pci_write32+0x990/0xb0c [ath12k]
    __napi_poll+0x30/0xa4
    net_rx_action+0x118/0x270
    __do_softirq+0x10c/0x244
    irq_exit+0x64/0xb4
    __handle_domain_irq+0x88/0xac
    gic_handle_irq+0x74/0xbc
    el1_irq+0xf0/0x1c0
    arch_cpu_idle+0x10/0x18
    do_idle+0x104/0x248
    cpu_startup_entry+0x20/0x64
    rest_init+0xd0/0xdc
    arch_call_rest_init+0xc/0x14

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1

Signed-off-by: Harshitha Prem <quic_hprem@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230821130343.29495-2-quic_hprem@quicinc.com
2 years agowifi: ath11k: mhi: add a warning message for MHI_CB_EE_RDDM crash
Arowa Suliman [Sat, 26 Aug 2023 05:42:42 +0000 (08:42 +0300)] 
wifi: ath11k: mhi: add a warning message for MHI_CB_EE_RDDM crash

Currently, the ath11k driver does not print a crash signature when a
MHI_CB_EE_RDDM crash happens. Checked by triggering a simulated crash using the
command and checking dmesg for logs:

echo assert > /sys/kernel/debug/ath11k/../simulate_fw_crash

Add a warning when firmware crash MHI_CB_EE_RDDM happens.

Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23

Signed-off-by: Arowa Suliman <arowa@chromium.org>
Reviewed-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230714001126.463127-1-arowa@chromium.org
2 years agoMerge branch '1GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/next-queue
Jakub Kicinski [Sat, 26 Aug 2023 02:09:45 +0000 (19:09 -0700)] 
Merge branch '1GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/next-queue

Tony Nguyen says:

====================
Intel Wired LAN Driver Updates 2023-08-24 (igc, e1000e)

This series contains updates to igc and e1000e drivers.

Vinicius adds support for utilizing multiple PTP registers on igc.

Sasha reduces interval time for PTM on igc and adds new device support
on e1000e.

* '1GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/next-queue:
  e1000e: Add support for the next LOM generation
  igc: Decrease PTM short interval from 10 us to 1 us
  igc: Add support for multiple in-flight TX timestamps
====================

Link: https://lore.kernel.org/r/20230824204418.1551093-1-anthony.l.nguyen@intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agodoc/netlink: Add delete operation to ovs_vport spec
Donald Hunter [Thu, 24 Aug 2023 14:22:21 +0000 (15:22 +0100)] 
doc/netlink: Add delete operation to ovs_vport spec

Add del operation to the spec to help with testing.

Signed-off-by: Donald Hunter <donald.hunter@gmail.com>
Link: https://lore.kernel.org/r/20230824142221.71339-1-donald.hunter@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agotools: ynl-gen: fix uAPI generation after tempfile changes
Jakub Kicinski [Thu, 24 Aug 2023 21:24:31 +0000 (14:24 -0700)] 
tools: ynl-gen: fix uAPI generation after tempfile changes

We use a tempfile for code generation, to avoid wiping the target
file out if the code generator crashes. File contents are copied
from tempfile to actual destination at the end of main().

uAPI generation is relatively simple so when generating the uAPI
header we return from main() early, and never reach the "copy code
over" stage. Since commit under Fixes uAPI headers are not updated
by ynl-gen.

Move the copy/commit of the code into CodeWriter, to make it
easier to call at any point in time. Hook it into the destructor
to make sure we don't miss calling it.

Fixes: f65f305ae008 ("tools: ynl-gen: use temporary file for rendering")
Link: https://lore.kernel.org/r/20230824212431.1683612-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agoMerge branch 'stmmac-cleanups'
Jakub Kicinski [Sat, 26 Aug 2023 01:55:21 +0000 (18:55 -0700)] 
Merge branch 'stmmac-cleanups'

Russell King says:

====================
stmmac cleanups

One of the comments I had on Feiyang Chen's series was concerning the
initialisation of phylink... and so I've decided to do something about
it, cleaning it up a bit.

This series:

1) adds a new phylink function to limit the MAC capabilities according
   to a maximum speed. This allows us to greatly simplify stmmac's
   initialisation of phylink's mac capabilities.

2) everywhere that uses priv->plat->phylink_node first converts this
   to a fwnode before doing anything with it. This is silly. Let's
   instead store it as a fwnode to eliminate these conversions in
   multiple places.

3) clean up passing the fwnode to phylink - it might as well happen
   at the phylink_create() callsite, rather than being scattered
   throughout the entire function.

4) same for mdio_bus_data

5) use phylink_limit_mac_speed() to handle the priv->plat->max_speed
   restriction.

6) add a method to get the MAC-specific capabilities from the code
   dealing with the MACs, and arrange to call it at an appropriate
   time.

7) convert the gmac4 users to use the MAC specific method.

8) same for xgmac.

9) group all the simple phylink_config initialisations together.

10) convert half-duplex logic to being positive logic.

While looking into all of this, this raised eyebrows:

        if (priv->plat->tx_queues_to_use > 1)
                priv->phylink_config.mac_capabilities &=
                        ~(MAC_10HD | MAC_100HD | MAC_1000HD);

priv->plat->tx_queues_to_use is initialised by platforms to either 1,
4 or 8, and can be controlled from userspace via the --set-channels
ethtool op. The implementation of this op in this driver limits the
number of channels to priv->dma_cap.number_tx_queues, which is derived
from the DMA hwcap.

So, the obvious questions are:

1) what guarantees that the static initialisation of tx_queues_to_use
will always be less than or equal to number_tx_queues from the DMA hw
cap?

2) tx_queues_to_use starts off as 1, but number_tx_queues is larger,
we will leave the half-duplex capabilities in place, but userspace can
increase tx_queues_to_use above 1. Does that mean half-duplex is then
not supported?

3) Should we be basing the decision whether half-duplex is supported
off the DMA capabilities?

4) What about priv->dma_cap.half_duplex? Doesn't that get a say in
whether half-duplex is supported or not? Why isn't this used? Why is
it only reported via debugfs? If it's not being used by the driver,
what's the point of reporting it via debugfs?
====================

Link: https://lore.kernel.org/r/ZOddFH22PWmOmbT5@shell.armlinux.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agonet: stmmac: convert half-duplex support to positive logic
Russell King (Oracle) [Thu, 24 Aug 2023 13:38:39 +0000 (14:38 +0100)] 
net: stmmac: convert half-duplex support to positive logic

Rather than detecting when half-duplex is not supported, and clearing
the MAC capabilities, reverse the if() condition and use it to set the
capabilities instead.

Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Link: https://lore.kernel.org/r/E1qZAXn-005pUb-SP@rmk-PC.armlinux.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agonet: stmmac: move priv->phylink_config.mac_managed_pm
Russell King (Oracle) [Thu, 24 Aug 2023 13:38:34 +0000 (14:38 +0100)] 
net: stmmac: move priv->phylink_config.mac_managed_pm

Move priv->phylink_config.mac_managed_pm to be along side the other
phylink initialisations.

Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Link: https://lore.kernel.org/r/E1qZAXi-005pUV-Nq@rmk-PC.armlinux.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agonet: stmmac: move xgmac specific phylink caps to dwxgmac2 core
Russell King (Oracle) [Thu, 24 Aug 2023 13:38:29 +0000 (14:38 +0100)] 
net: stmmac: move xgmac specific phylink caps to dwxgmac2 core

Move the xgmac specific phylink capabilities to the dwxgmac2 support
core.

Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Link: https://lore.kernel.org/r/E1qZAXd-005pUP-JL@rmk-PC.armlinux.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agonet: stmmac: move gmac4 specific phylink capabilities to gmac4
Russell King (Oracle) [Thu, 24 Aug 2023 13:38:24 +0000 (14:38 +0100)] 
net: stmmac: move gmac4 specific phylink capabilities to gmac4

Move the setup of gmac4 speicifc phylink capabilities into gmac4 code.

Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Link: https://lore.kernel.org/r/E1qZAXY-005pUJ-Ez@rmk-PC.armlinux.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agonet: stmmac: provide stmmac_mac_phylink_get_caps()
Russell King (Oracle) [Thu, 24 Aug 2023 13:38:19 +0000 (14:38 +0100)] 
net: stmmac: provide stmmac_mac_phylink_get_caps()

Allow MACs to provide their own capabilities via the MAC operations
struct.

Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Link: https://lore.kernel.org/r/E1qZAXT-005pUD-Aj@rmk-PC.armlinux.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agonet: stmmac: use phylink_limit_mac_speed()
Russell King (Oracle) [Thu, 24 Aug 2023 13:38:14 +0000 (14:38 +0100)] 
net: stmmac: use phylink_limit_mac_speed()

Use phylink_limit_mac_speed() to limit the MAC capabilities rather
than coding this for each speed.

Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Link: https://lore.kernel.org/r/E1qZAXO-005pU7-61@rmk-PC.armlinux.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agonet: stmmac: use "mdio_bus_data" local variable
Russell King (Oracle) [Thu, 24 Aug 2023 13:38:09 +0000 (14:38 +0100)] 
net: stmmac: use "mdio_bus_data" local variable

We have a local variable for priv->plat->mdio_bus_data, which we use
later in the conditional if() block, but we evaluate the above within
the conditional expression. Use mdio_bus_data instead. Since these
will be the only two users of this local variable, move its assignment
just before the if().

Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Link: https://lore.kernel.org/r/E1qZAXJ-005pU1-1z@rmk-PC.armlinux.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agonet: stmmac: clean up passing fwnode to phylink
Russell King (Oracle) [Thu, 24 Aug 2023 13:38:03 +0000 (14:38 +0100)] 
net: stmmac: clean up passing fwnode to phylink

Move the initialisation of the fwnode variable closer to its use
site, rather than scattered throughout stmmac_phy_setup().

Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Link: https://lore.kernel.org/r/E1qZAXD-005pTv-TN@rmk-PC.armlinux.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agonet: stmmac: convert plat->phylink_node to fwnode
Russell King (Oracle) [Thu, 24 Aug 2023 13:37:58 +0000 (14:37 +0100)] 
net: stmmac: convert plat->phylink_node to fwnode

All users of plat->phylink_node first convert it to a fwnode. Rather
than repeatedly convert to a fwnode, store it as a fwnode. To reflect
this change, call it plat->port_node instead - it is used for more
than just phylink.

Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Link: https://lore.kernel.org/r/E1qZAX8-005pTo-OT@rmk-PC.armlinux.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agonet: phylink: add phylink_limit_mac_speed()
Russell King (Oracle) [Thu, 24 Aug 2023 13:37:53 +0000 (14:37 +0100)] 
net: phylink: add phylink_limit_mac_speed()

Add a function which can be used to limit the phylink MAC capabilities
to an upper speed limit.

Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Link: https://lore.kernel.org/r/E1qZAX3-005pTi-K1@rmk-PC.armlinux.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agoveth: Avoid NAPI scheduling on failed SKB forwarding
Liang Chen [Thu, 24 Aug 2023 12:31:31 +0000 (20:31 +0800)] 
veth: Avoid NAPI scheduling on failed SKB forwarding

When an skb fails to be forwarded to the peer(e.g., skb data buffer
length exceeds MTU), it will not be added to the peer's receive queue.
Therefore, we should schedule the peer's NAPI poll function only when
skb forwarding is successful to avoid unnecessary overhead.

Signed-off-by: Liang Chen <liangchen.linux@gmail.com>
Link: https://lore.kernel.org/r/20230824123131.7673-1-liangchen.linux@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agoMerge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf...
Jakub Kicinski [Sat, 26 Aug 2023 01:40:14 +0000 (18:40 -0700)] 
Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next

Daniel Borkmann says:

====================
pull-request: bpf-next 2023-08-25

We've added 87 non-merge commits during the last 8 day(s) which contain
a total of 104 files changed, 3719 insertions(+), 4212 deletions(-).

The main changes are:

1) Add multi uprobe BPF links for attaching multiple uprobes
   and usdt probes, which is significantly faster and saves extra fds,
   from Jiri Olsa.

2) Add support BPF cpu v4 instructions for arm64 JIT compiler,
   from Xu Kuohai.

3) Add support BPF cpu v4 instructions for riscv64 JIT compiler,
   from Pu Lehui.

4) Fix LWT BPF xmit hooks wrt their return values where propagating
   the result from skb_do_redirect() would trigger a use-after-free,
   from Yan Zhai.

5) Fix a BPF verifier issue related to bpf_kptr_xchg() with local kptr
   where the map's value kptr type and locally allocated obj type
   mismatch, from Yonghong Song.

6) Fix BPF verifier's check_func_arg_reg_off() function wrt graph
   root/node which bypassed reg->off == 0 enforcement,
   from Kumar Kartikeya Dwivedi.

7) Lift BPF verifier restriction in networking BPF programs to treat
   comparison of packet pointers not as a pointer leak,
   from Yafang Shao.

8) Remove unmaintained XDP BPF samples as they are maintained
   in xdp-tools repository out of tree, from Toke Høiland-Jørgensen.

9) Batch of fixes for the tracing programs from BPF samples in order
   to make them more libbpf-aware, from Daniel T. Lee.

10) Fix a libbpf signedness determination bug in the CO-RE relocation
    handling logic, from Andrii Nakryiko.

11) Extend libbpf to support CO-RE kfunc relocations. Also follow-up
    fixes for bpf_refcount shared ownership implementation,
    both from Dave Marchevsky.

12) Add a new bpf_object__unpin() API function to libbpf,
    from Daniel Xu.

13) Fix a memory leak in libbpf to also free btf_vmlinux
    when the bpf_object gets closed, from Hao Luo.

14) Small error output improvements to test_bpf module, from Helge Deller.

* tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next: (87 commits)
  selftests/bpf: Add tests for rbtree API interaction in sleepable progs
  bpf: Allow bpf_spin_{lock,unlock} in sleepable progs
  bpf: Consider non-owning refs to refcounted nodes RCU protected
  bpf: Reenable bpf_refcount_acquire
  bpf: Use bpf_mem_free_rcu when bpf_obj_dropping refcounted nodes
  bpf: Consider non-owning refs trusted
  bpf: Ensure kptr_struct_meta is non-NULL for collection insert and refcount_acquire
  selftests/bpf: Enable cpu v4 tests for RV64
  riscv, bpf: Support unconditional bswap insn
  riscv, bpf: Support signed div/mod insns
  riscv, bpf: Support 32-bit offset jmp insn
  riscv, bpf: Support sign-extension mov insns
  riscv, bpf: Support sign-extension load insns
  riscv, bpf: Fix missing exception handling and redundant zext for LDX_B/H/W
  samples/bpf: Add note to README about the XDP utilities moved to xdp-tools
  samples/bpf: Cleanup .gitignore
  samples/bpf: Remove the xdp_sample_pkts utility
  samples/bpf: Remove the xdp1 and xdp2 utilities
  samples/bpf: Remove the xdp_rxq_info utility
  samples/bpf: Remove the xdp_redirect* utilities
  ...
====================

Link: https://lore.kernel.org/r/20230825194319.12727-1-daniel@iogearbox.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agoMerge tag 'wireless-next-2023-08-25' of git://git.kernel.org/pub/scm/linux/kernel...
Jakub Kicinski [Sat, 26 Aug 2023 01:35:08 +0000 (18:35 -0700)] 
Merge tag 'wireless-next-2023-08-25' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next

Kalle Valo says:

====================
wireless-next patches for v6.6

The second pull request for v6.6, this time with both stack and driver
changes. Unusually we have only one major new feature but lots of
small cleanup all over, I guess this is due to people have been on
vacation the last month.

Major changes:

rtw89
 - Introduce Time Averaged SAR (TAS) support

* tag 'wireless-next-2023-08-25' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next: (114 commits)
  wifi: rtlwifi: rtl8723: Remove unused function rtl8723_cmd_send_packet()
  wifi: rtw88: usb: kill and free rx urbs on probe failure
  wifi: rtw89: Fix clang -Wimplicit-fallthrough in rtw89_query_sar()
  wifi: rtw89: phy: modify register setting of ENV_MNTR, PHYSTS and DIG
  wifi: rtw89: phy: add phy_gen_def::cr_base to support WiFi 7 chips
  wifi: rtw89: mac: define register address of rx_filter to generalize code
  wifi: rtw89: mac: define internal memory address for WiFi 7 chip
  wifi: rtw89: mac: generalize code to indirectly access WiFi internal memory
  wifi: rtw89: mac: add mac_gen_def::band1_offset to map MAC band1 register address
  wifi: wlcore: sdio: Use module_sdio_driver macro to simplify the code
  wifi: rtw89: initialize multi-channel handling
  wifi: rtw89: provide functions to configure NoA for beacon update
  wifi: rtw89: call rtw89_chan_get() by vif chanctx if aware of vif
  wifi: rtw89: sar: let caller decide the center frequency to query
  wifi: rtw89: refine rtw89_correct_cck_chan() by rtw89_hw_to_nl80211_band()
  wifi: rtw89: add function prototype for coex request duration
  Fix nomenclature for USB and PCI wireless devices
  wifi: ath: Use is_multicast_ether_addr() to check multicast Ether address
  wifi: ath12k: Remove unused declarations
  wifi: ath12k: add check max message length while scanning with extraie
  ...
====================

Link: https://lore.kernel.org/r/20230825132230.A0833C433C8@smtp.kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agoMerge tag 'for-net-next-2023-08-24' of git://git.kernel.org/pub/scm/linux/kernel...
Jakub Kicinski [Sat, 26 Aug 2023 01:30:59 +0000 (18:30 -0700)] 
Merge tag 'for-net-next-2023-08-24' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next

Luiz Augusto von Dentz says:

====================
bluetooth-next pull request for net-next:

 - Introduce HCI_QUIRK_BROKEN_LE_CODED
 - Add support for PA/BIG sync
 - Add support for NXP IW624 chipset
 - Add support for Qualcomm WCN7850

* tag 'for-net-next-2023-08-24' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next:
  Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave()
  Bluetooth: btusb: Fix quirks table naming
  Bluetooth: HCI: Introduce HCI_QUIRK_BROKEN_LE_CODED
  Bluetooth: btintel: Send new command for PPAG
  Bluetooth: ISO: Add support for periodic adv reports processing
  Bluetooth: hci_conn: fail SCO/ISO via hci_conn_failed if ACL gone early
  Bluetooth: hci_core: Fix missing instances using HCI_MAX_AD_LENGTH
  Bluetooth: ISO: Use defer setup to separate PA sync and BIG sync
  Bluetooth: qca: add support for WCN7850
  Bluetooth: qca: use switch case for soc type behavior
  dt-bindings: net: bluetooth: qualcomm: document WCN7850 chipset
  Bluetooth: hci_conn: Fix sending BT_HCI_CMD_LE_CREATE_CONN_CANCEL
  Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync
  Bluetooth: btnxpuart: Improve inband Independent Reset handling
  Bluetooth: btnxpuart: Add support for IW624 chipset
  Bluetooth: btnxpuart: Remove check for CTS low after FW download
====================

Link: https://lore.kernel.org/r/20230824201458.2577-1-luiz.dentz@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agoMerge branch 'bpf-refcount-followups-3-bpf_mem_free_rcu-refcounted-nodes'
Alexei Starovoitov [Fri, 25 Aug 2023 16:23:17 +0000 (09:23 -0700)] 
Merge branch 'bpf-refcount-followups-3-bpf_mem_free_rcu-refcounted-nodes'

Dave Marchevsky says:

====================
BPF Refcount followups 3: bpf_mem_free_rcu refcounted nodes

This series is the third of three (or more) followups to address issues
in the bpf_refcount shared ownership implementation discovered by Kumar.
This series addresses the use-after-free scenario described in [0]. The
first followup series ([1]) also attempted to address the same
use-after-free, but only got rid of the splat without addressing the
underlying issue. After this series the underyling issue is fixed and
bpf_refcount_acquire can be re-enabled.

The main fix here is migration of bpf_obj_drop to use
bpf_mem_free_rcu. To understand why this fixes the issue, let us consider
the example interleaving provided by Kumar in [0]:

CPU 0                                   CPU 1
n = bpf_obj_new
lock(lock1)
bpf_rbtree_add(rbtree1, n)
m = bpf_rbtree_acquire(n)
unlock(lock1)

kptr_xchg(map, m) // move to map
// at this point, refcount = 2
m = kptr_xchg(map, NULL)
lock(lock2)
lock(lock1) bpf_rbtree_add(rbtree2, m)
p = bpf_rbtree_first(rbtree1) if (!RB_EMPTY_NODE) bpf_obj_drop_impl(m) // A
bpf_rbtree_remove(rbtree1, p)
unlock(lock1)
bpf_obj_drop(p) // B
bpf_refcount_acquire(m) // use-after-free
...

Before this series, bpf_obj_drop returns memory to the allocator using
bpf_mem_free. At this point (B in the example) there might be some
non-owning references to that memory which the verifier believes are valid,
but where the underlying memory was reused for some other allocation.
Commit 7793fc3babe9 ("bpf: Make bpf_refcount_acquire fallible for
non-owning refs") attempted to fix this by doing refcount_inc_non_zero
on refcount_acquire in instead of refcount_inc under the assumption that
preventing erroneous incr-on-0 would be sufficient. This isn't true,
though: refcount_inc_non_zero must *check* if the refcount is zero, and
the memory it's checking could have been reused, so the check may look
at and incr random reused bytes.

If we wait to reuse this memory until all non-owning refs that could
point to it are gone, there is no possibility of this scenario
happening. Migrating bpf_obj_drop to use bpf_mem_free_rcu for refcounted
nodes accomplishes this.

For such nodes, the validity of their underlying memory is now tied to
RCU critical section. This matches MEM_RCU trustedness
expectations, so the series takes the opportunity to more explicitly
mark this trustedness state.

The functional effects of trustedness changes here are rather small.
This is largely due to local kptrs having separate verifier handling -
with implicit trustedness assumptions - than arbitrary kptrs.
Regardless, let's take the opportunity to move towards a world where
trustedness is more explicitly handled.

Changelog:

v1 -> v2: https://lore.kernel.org/bpf/20230801203630.3581291-1-davemarchevsky@fb.com/

Patch 1 ("bpf: Ensure kptr_struct_meta is non-NULL for collection insert and refcount_acquire")
  * Spent some time experimenting with a better approach as per convo w/
    Yonghong on v1's patch. It started getting too complex, so left unchanged
    for now. Yonghong was fine with this approach being shipped.

Patch 2 ("bpf: Consider non-owning refs trusted")
  * Add Yonghong ack
Patch 3 ("bpf: Use bpf_mem_free_rcu when bpf_obj_dropping refcounted nodes")
  * Add Yonghong ack
Patch 4 ("bpf: Reenable bpf_refcount_acquire")
  * Add Yonghong ack

Patch 5 ("bpf: Consider non-owning refs to refcounted nodes RCU protected")
  * Undo a nonfunctional whitespace change that shouldn't have been included
    (Yonghong)
  * Better logging message when complaining about rcu_read_{lock,unlock} in
    rbtree cb (Alexei)
  * Don't invalidate_non_owning_refs when processing bpf_rcu_read_unlock
    (Yonghong, Alexei)

Patch 6 ("[RFC] bpf: Allow bpf_spin_{lock,unlock} in sleepable prog's RCU CS")
  * preempt_{disable,enable} in __bpf_spin_{lock,unlock} (Alexei)
    * Due to this we can consider spin_lock CS an RCU-sched read-side CS (per
      RCU/Design/Requirements/Requirements.rst). Modify in_rcu_cs accordingly.
  * no need to check for !in_rcu_cs before allowing bpf_spin_{lock,unlock}
    (Alexei)
  * RFC tag removed and renamed to "bpf: Allow bpf_spin_{lock,unlock} in
    sleepable progs"

Patch 7 ("selftests/bpf: Add tests for rbtree API interaction in sleepable progs")
  * Remove "no explicit bpf_rcu_read_lock" failure test, add similar success
    test (Alexei)

Summary of patch contents, with sub-bullets being leading questions and
comments I think are worth reviewer attention:

  * Patches 1 and 2 are moreso documententation - and
    enforcement, in patch 1's case - of existing semantics / expectations

  * Patch 3 changes bpf_obj_drop behavior for refcounted nodes such that
    their underlying memory is not reused until RCU grace period elapses
    * Perhaps it makes sense to move to mem_free_rcu for _all_
      non-owning refs in the future, not just refcounted. This might
      allow custom non-owning ref lifetime + invalidation logic to be
      entirely subsumed by MEM_RCU handling. IMO this needs a bit more
      thought and should be tackled outside of a fix series, so it's not
      attempted here.

  * Patch 4 re-enables bpf_refcount_acquire as changes in patch 3 fix
    the remaining use-after-free
    * One might expect this patch to be last in the series, or last
      before selftest changes. Patches 5 and 6 don't change
      verification or runtime behavior for existing BPF progs, though.

  * Patch 5 brings the verifier's understanding of refcounted node
    trustedness in line with Patch 4's changes

  * Patch 6 allows some bpf_spin_{lock, unlock} calls in sleepable
    progs. Marked RFC for a few reasons:
    * bpf_spin_{lock,unlock} haven't been usable in sleepable progs
      since before the introduction of bpf linked list and rbtree. As
      such this feels more like a new feature that may not belong in
      this fixes series.

  * Patch 7 adds tests

  [0]: https://lore.kernel.org/bpf/atfviesiidev4hu53hzravmtlau3wdodm2vqs7rd7tnwft34e3@xktodqeqevir/
  [1]: https://lore.kernel.org/bpf/20230602022647.1571784-1-davemarchevsky@fb.com/
====================

Link: https://lore.kernel.org/r/20230821193311.3290257-1-davemarchevsky@fb.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2 years agoselftests/bpf: Add tests for rbtree API interaction in sleepable progs
Dave Marchevsky [Mon, 21 Aug 2023 19:33:11 +0000 (12:33 -0700)] 
selftests/bpf: Add tests for rbtree API interaction in sleepable progs

Confirm that the following sleepable prog states fail verification:
  * bpf_rcu_read_unlock before bpf_spin_unlock
     * RCU CS will last at least as long as spin_lock CS

Also confirm that correct usage passes verification, specifically:
  * Explicit use of bpf_rcu_read_{lock, unlock} in sleepable test prog
  * Implied RCU CS due to spin_lock CS

None of the selftest progs actually attach to bpf_testmod's
bpf_testmod_test_read.

Signed-off-by: Dave Marchevsky <davemarchevsky@fb.com>
Link: https://lore.kernel.org/r/20230821193311.3290257-8-davemarchevsky@fb.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2 years agobpf: Allow bpf_spin_{lock,unlock} in sleepable progs
Dave Marchevsky [Mon, 21 Aug 2023 19:33:10 +0000 (12:33 -0700)] 
bpf: Allow bpf_spin_{lock,unlock} in sleepable progs

Commit 9e7a4d9831e8 ("bpf: Allow LSM programs to use bpf spin locks")
disabled bpf_spin_lock usage in sleepable progs, stating:

 Sleepable LSM programs can be preempted which means that allowng spin
 locks will need more work (disabling preemption and the verifier
 ensuring that no sleepable helpers are called when a spin lock is
 held).

This patch disables preemption before grabbing bpf_spin_lock. The second
requirement above "no sleepable helpers are called when a spin lock is
held" is implicitly enforced by current verifier logic due to helper
calls in spin_lock CS being disabled except for a few exceptions, none
of which sleep.

Due to above preemption changes, bpf_spin_lock CS can also be considered
a RCU CS, so verifier's in_rcu_cs check is modified to account for this.

Signed-off-by: Dave Marchevsky <davemarchevsky@fb.com>
Link: https://lore.kernel.org/r/20230821193311.3290257-7-davemarchevsky@fb.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2 years agobpf: Consider non-owning refs to refcounted nodes RCU protected
Dave Marchevsky [Mon, 21 Aug 2023 19:33:09 +0000 (12:33 -0700)] 
bpf: Consider non-owning refs to refcounted nodes RCU protected

An earlier patch in the series ensures that the underlying memory of
nodes with bpf_refcount - which can have multiple owners - is not reused
until RCU grace period has elapsed. This prevents
use-after-free with non-owning references that may point to
recently-freed memory. While RCU read lock is held, it's safe to
dereference such a non-owning ref, as by definition RCU GP couldn't have
elapsed and therefore underlying memory couldn't have been reused.

From the perspective of verifier "trustedness" non-owning refs to
refcounted nodes are now trusted only in RCU CS and therefore should no
longer pass is_trusted_reg, but rather is_rcu_reg. Let's mark them
MEM_RCU in order to reflect this new state.

Signed-off-by: Dave Marchevsky <davemarchevsky@fb.com>
Link: https://lore.kernel.org/r/20230821193311.3290257-6-davemarchevsky@fb.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2 years agobpf: Reenable bpf_refcount_acquire
Dave Marchevsky [Mon, 21 Aug 2023 19:33:08 +0000 (12:33 -0700)] 
bpf: Reenable bpf_refcount_acquire

Now that all reported issues are fixed, bpf_refcount_acquire can be
turned back on. Also reenable all bpf_refcount-related tests which were
disabled.

This a revert of:
 * commit f3514a5d6740 ("selftests/bpf: Disable newly-added 'owner' field test until refcount re-enabled")
 * commit 7deca5eae833 ("bpf: Disable bpf_refcount_acquire kfunc calls until race conditions are fixed")

Signed-off-by: Dave Marchevsky <davemarchevsky@fb.com>
Acked-by: Yonghong Song <yonghong.song@linux.dev>
Link: https://lore.kernel.org/r/20230821193311.3290257-5-davemarchevsky@fb.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2 years agobpf: Use bpf_mem_free_rcu when bpf_obj_dropping refcounted nodes
Dave Marchevsky [Mon, 21 Aug 2023 19:33:07 +0000 (12:33 -0700)] 
bpf: Use bpf_mem_free_rcu when bpf_obj_dropping refcounted nodes

This is the final fix for the use-after-free scenario described in
commit 7793fc3babe9 ("bpf: Make bpf_refcount_acquire fallible for
non-owning refs"). That commit, by virtue of changing
bpf_refcount_acquire's refcount_inc to a refcount_inc_not_zero, fixed
the "refcount incr on 0" splat. The not_zero check in
refcount_inc_not_zero, though, still occurs on memory that could have
been free'd and reused, so the commit didn't properly fix the root
cause.

This patch actually fixes the issue by free'ing using the recently-added
bpf_mem_free_rcu, which ensures that the memory is not reused until
RCU grace period has elapsed. If that has happened then
there are no non-owning references alive that point to the
recently-free'd memory, so it can be safely reused.

Signed-off-by: Dave Marchevsky <davemarchevsky@fb.com>
Acked-by: Yonghong Song <yonghong.song@linux.dev>
Link: https://lore.kernel.org/r/20230821193311.3290257-4-davemarchevsky@fb.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2 years agobpf: Consider non-owning refs trusted
Dave Marchevsky [Mon, 21 Aug 2023 19:33:06 +0000 (12:33 -0700)] 
bpf: Consider non-owning refs trusted

Recent discussions around default kptr "trustedness" led to changes such
as commit 6fcd486b3a0a ("bpf: Refactor RCU enforcement in the
verifier."). One of the conclusions of those discussions, as expressed
in code and comments in that patch, is that we'd like to move away from
'raw' PTR_TO_BTF_ID without some type flag or other register state
indicating trustedness. Although PTR_TRUSTED and PTR_UNTRUSTED flags mark
this state explicitly, the verifier currently considers trustedness
implied by other register state. For example, owning refs to graph
collection nodes must have a nonzero ref_obj_id, so they pass the
is_trusted_reg check despite having no explicit PTR_{UN}TRUSTED flag.
This patch makes trustedness of non-owning refs to graph collection
nodes explicit as well.

By definition, non-owning refs are currently trusted. Although the ref
has no control over pointee lifetime, due to non-owning ref clobbering
rules (see invalidate_non_owning_refs) dereferencing a non-owning ref is
safe in the critical section controlled by bpf_spin_lock associated with
its owning collection.

Note that the previous statement does not hold true for nodes with shared
ownership due to the use-after-free issue that this series is
addressing. True shared ownership was disabled by commit 7deca5eae833
("bpf: Disable bpf_refcount_acquire kfunc calls until race conditions are fixed"),
though, so the statement holds for now. Further patches in the series will change
the trustedness state of non-owning refs before re-enabling
bpf_refcount_acquire.

Let's add NON_OWN_REF type flag to BPF_REG_TRUSTED_MODIFIERS such that a
non-owning ref reg state would pass is_trusted_reg check. Somewhat
surprisingly, this doesn't result in any change to user-visible
functionality elsewhere in the verifier: graph collection nodes are all
marked MEM_ALLOC, which tends to be handled in separate codepaths from
"raw" PTR_TO_BTF_ID. Regardless, let's be explicit here and document the
current state of things before changing it elsewhere in the series.

Signed-off-by: Dave Marchevsky <davemarchevsky@fb.com>
Acked-by: Yonghong Song <yonghong.song@linux.dev>
Link: https://lore.kernel.org/r/20230821193311.3290257-3-davemarchevsky@fb.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2 years agobpf: Ensure kptr_struct_meta is non-NULL for collection insert and refcount_acquire
Dave Marchevsky [Mon, 21 Aug 2023 19:33:05 +0000 (12:33 -0700)] 
bpf: Ensure kptr_struct_meta is non-NULL for collection insert and refcount_acquire

It's straightforward to prove that kptr_struct_meta must be non-NULL for
any valid call to these kfuncs:

  * btf_parse_struct_metas in btf.c creates a btf_struct_meta for any
    struct in user BTF with a special field (e.g. bpf_refcount,
    {rb,list}_node). These are stored in that BTF's struct_meta_tab.

  * __process_kf_arg_ptr_to_graph_node in verifier.c ensures that nodes
    have {rb,list}_node field and that it's at the correct offset.
    Similarly, check_kfunc_args ensures bpf_refcount field existence for
    node param to bpf_refcount_acquire.

  * So a btf_struct_meta must have been created for the struct type of
    node param to these kfuncs

  * That BTF and its struct_meta_tab are guaranteed to still be around.
    Any arbitrary {rb,list} node the BPF program interacts with either:
    came from bpf_obj_new or a collection removal kfunc in the same
    program, in which case the BTF is associated with the program and
    still around; or came from bpf_kptr_xchg, in which case the BTF was
    associated with the map and is still around

Instead of silently continuing with NULL struct_meta, which caused
confusing bugs such as those addressed by commit 2140a6e3422d ("bpf: Set
kptr_struct_meta for node param to list and rbtree insert funcs"), let's
error out. Then, at runtime, we can confidently say that the
implementations of these kfuncs were given a non-NULL kptr_struct_meta,
meaning that special-field-specific functionality like
bpf_obj_free_fields and the bpf_obj_drop change introduced later in this
series are guaranteed to execute.

This patch doesn't change functionality, just makes it easier to reason
about existing functionality.

Signed-off-by: Dave Marchevsky <davemarchevsky@fb.com>
Acked-by: Yonghong Song <yonghong.song@linux.dev>
Link: https://lore.kernel.org/r/20230821193311.3290257-2-davemarchevsky@fb.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2 years agoMerge ath-next from git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git
Kalle Valo [Fri, 25 Aug 2023 10:15:26 +0000 (13:15 +0300)] 
Merge ath-next from git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git

ath.git patches for v6.6. No major changes, only smaller fixes and
cleanups this time.

2 years agowifi: rtlwifi: rtl8723: Remove unused function rtl8723_cmd_send_packet()
Jinjie Ruan [Thu, 24 Aug 2023 06:23:39 +0000 (14:23 +0800)] 
wifi: rtlwifi: rtl8723: Remove unused function rtl8723_cmd_send_packet()

The function rtl8723_cmd_send_packet() is not used anywhere, so remove it.

Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Acked-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230824062339.1885385-1-ruanjinjie@huawei.com
2 years agowifi: rtw88: usb: kill and free rx urbs on probe failure
Sascha Hauer [Wed, 23 Aug 2023 07:50:21 +0000 (09:50 +0200)] 
wifi: rtw88: usb: kill and free rx urbs on probe failure

After rtw_usb_alloc_rx_bufs() has been called rx urbs have been
allocated and must be freed in the error path. After rtw_usb_init_rx()
has been called they are submitted, so they also must be killed.

Add these forgotten steps to the probe error path.

Besides the lost memory this also fixes a problem when the driver
fails to download the firmware in rtw_chip_info_setup(). In this
case it can happen that the completion of the rx urbs handler runs
at a time when we already freed our data structures resulting in
a kernel crash.

Fixes: a82dfd33d123 ("wifi: rtw88: Add common USB chip support")
Cc: stable@vger.kernel.org
Reported-by: Ilgaz Öcal <ilgaz@ilgaz.gen.tr>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Acked-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230823075021.588596-1-s.hauer@pengutronix.de
2 years agowifi: rtw89: Fix clang -Wimplicit-fallthrough in rtw89_query_sar()
Nathan Chancellor [Tue, 22 Aug 2023 15:27:16 +0000 (08:27 -0700)] 
wifi: rtw89: Fix clang -Wimplicit-fallthrough in rtw89_query_sar()

clang warns (or errors with CONFIG_WERROR=y):

  drivers/net/wireless/realtek/rtw89/sar.c:216:3: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
    216 |                 case RTW89_TAS_STATE_DPR_FORBID:
        |                 ^
  drivers/net/wireless/realtek/rtw89/sar.c:216:3: note: insert 'break;' to avoid fall-through
    216 |                 case RTW89_TAS_STATE_DPR_FORBID:
        |                 ^
        |                 break;
  1 error generated.

Clang is a little more pedantic than GCC, which does not warn when
falling through to a case that is just break or return. Clang's version
is more in line with the kernel's own stance in deprecated.rst, which
states that all switch/case blocks must end in either break,
fallthrough, continue, goto, or return. Add the missing break to silence
the warning.

Closes: https://github.com/ClangBuiltLinux/linux/issues/1921
Fixes: eb2624f55ad1 ("wifi: rtw89: Introduce Time Averaged SAR (TAS) feature")
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Acked-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230822-rtw89-tas-clang-implicit-fallthrough-v1-1-5cb73f0fa976@kernel.org
2 years agowifi: rtw89: phy: modify register setting of ENV_MNTR, PHYSTS and DIG
Cheng-Chieh Hsieh [Tue, 22 Aug 2023 12:58:22 +0000 (20:58 +0800)] 
wifi: rtw89: phy: modify register setting of ENV_MNTR, PHYSTS and DIG

The ENV_MNTR(environment monitor) is the dynamic mechanism which based on
the HW of CCX(Cisco Compatible Extensions) which provide the channel
loading and noisy level indicator to debug or support the 802.11k. The
PHYSTS provide the detail PHY information per packet we received for
debugging. The DIG(dynamic initial gain) is the dynamic mechanism to
adjust the packet detect power level by received signal strength to avoid
false detection of the WiFi packet.

The address of registers used for ENV_MNTR, PHYSTS and DIG of WiFi 7 IC
are different with WiFi 6 series, so we modify the method to access the
register address in order to compatible with all WiFi 7 and 6 ICs.

Signed-off-by: Cheng-Chieh Hsieh <cj.hsieh@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230822125822.23817-7-pkshih@realtek.com
2 years agowifi: rtw89: phy: add phy_gen_def::cr_base to support WiFi 7 chips
Ping-Ke Shih [Tue, 22 Aug 2023 12:58:21 +0000 (20:58 +0800)] 
wifi: rtw89: phy: add phy_gen_def::cr_base to support WiFi 7 chips

cr_base is base address of PHY control register. The base of WiFi 6 and 7
chips are 0x1_0000 and 0x2_0000 respectively, so define them accordingly.
For example, if PHY address is 0x1330, absolute address is 0x1_1330 for
WiFi 6 chips, and 0x2_1330 for WiFi 7 chips.

Meanwhile, there are two copies of PHY hardware named PHY0 and PHY1. The
offset between them is 0x2_0000, so the base address of PHY0 and PHY1 are
0x2_0000 and 0x4_0000 respectively.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230822125822.23817-6-pkshih@realtek.com
2 years agowifi: rtw89: mac: define register address of rx_filter to generalize code
Ping-Ke Shih [Tue, 22 Aug 2023 12:58:20 +0000 (20:58 +0800)] 
wifi: rtw89: mac: define register address of rx_filter to generalize code

rx_filter is used to decide which kind of packets are received to driver,
or just dropped by MAC layer to reduce bus traffic.

The bit definitions of old and new chips are the sames, but only address
is changed, so define a field to generalize usage.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230822125822.23817-5-pkshih@realtek.com
2 years agowifi: rtw89: mac: define internal memory address for WiFi 7 chip
Ping-Ke Shih [Tue, 22 Aug 2023 12:58:19 +0000 (20:58 +0800)] 
wifi: rtw89: mac: define internal memory address for WiFi 7 chip

Define base address of WiFi 7 internal memory according to design to
provide the same functions as existing WiFi 6 chips.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230822125822.23817-4-pkshih@realtek.com
2 years agowifi: rtw89: mac: generalize code to indirectly access WiFi internal memory
Ping-Ke Shih [Tue, 22 Aug 2023 12:58:18 +0000 (20:58 +0800)] 
wifi: rtw89: mac: generalize code to indirectly access WiFi internal memory

To diagnose abnormal behavior, we need to dump certain internal memory.
For example, dump security CAM when debugging encryption/decryption
problems, or dump BA CAM when debugging abnormal BlockAck.

Since the indirect address and internal memory base address are different
between WiFi 6 and 7 chips, add fields to reuse codes.

Also, only WiFi 6 chips initialize DMAC and CMAC tables via this indirect
interface, so no need to change the constant register address, and
new firmware will help to initialize these tables.

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230822125822.23817-3-pkshih@realtek.com
2 years agowifi: rtw89: mac: add mac_gen_def::band1_offset to map MAC band1 register address
Ping-Ke Shih [Tue, 22 Aug 2023 12:58:17 +0000 (20:58 +0800)] 
wifi: rtw89: mac: add mac_gen_def::band1_offset to map MAC band1 register address

There are two copies of MAC hardware called band0 and band1. Basically,
the only difference between them is base address, so we can share functions
with a 'band' (or 'mac_idx') argument.

The offset of base address of WiFi 6 and 7 are 0x2000 and 0x4000
respectively, so add band1_offset field to new introduced struct
mac_gen_def to possibly reuse functions.

Using below spatch script to convert callers:

  @@
  expression reg, band;
  @@
  - rtw89_mac_reg_by_idx(reg, band)
  + rtw89_mac_reg_by_idx(rtwdev, reg, band)

  @@
  expression reg, port, band;
  @@
  - rtw89_mac_reg_by_port(reg, port, band)
  + rtw89_mac_reg_by_port(rtwdev, reg, port, band)

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230822125822.23817-2-pkshih@realtek.com
2 years agowifi: wlcore: sdio: Use module_sdio_driver macro to simplify the code
Li Zetao [Mon, 21 Aug 2023 14:03:45 +0000 (22:03 +0800)] 
wifi: wlcore: sdio: Use module_sdio_driver macro to simplify the code

Use the module_sdio_driver macro to simplify the code, which is the
same as declaring with module_init() and module_exit().

Signed-off-by: Li Zetao <lizetao1@huawei.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230821140345.3140493-1-lizetao1@huawei.com
2 years agowifi: rtw89: initialize multi-channel handling
Zong-Zhe Yang [Wed, 16 Aug 2023 08:21:33 +0000 (16:21 +0800)] 
wifi: rtw89: initialize multi-channel handling

We prepare to deal with multiple channels via new entity modes.
* MCC_PREPARE: Transitional mode before MCC
* MCC: Multi-Channel Concurrent mode
And, enum of sub-entity is extended for second channel context.

We add the entry flow of multi-channel handling and the core stuffs
for extended index of sub-entity. And, we now deal with the filling
of entity channels' info in entity recalc where we know the number
of active chanctx. However, the other detail coding of MCC start/stop
will be implemented in the following.

Besides, chanctx listener struct is pre-added in chip info. Each
component can add callback type in chanctx listener and configure
its callback function to react according to chanctx states. We know
at least RFK (RF calibration) and BTC (BT coexistence) will require
such callbacks.

Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230816082133.57474-7-pkshih@realtek.com
2 years agowifi: rtw89: provide functions to configure NoA for beacon update
Zong-Zhe Yang [Wed, 16 Aug 2023 08:21:32 +0000 (16:21 +0800)] 
wifi: rtw89: provide functions to configure NoA for beacon update

Callers call renew function when wanting to generate a new P2P NoA
information element, and call append function to append NoA attribute
one by one. Then, updating beacon work will fetch the P2P NoA information
element configured by callers and add it to beacon.

The use case of MCC (multi-channel concurrent) <GO + STA> for example:
* start MCC - GO part
renew P2P NoA
append period NoA after calculation
* download beacon for GO
fetch P2P NoA and add to beacon content
* stop MCC - GO part
renew P2P NoA (reset)

Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230816082133.57474-6-pkshih@realtek.com
2 years agowifi: rtw89: call rtw89_chan_get() by vif chanctx if aware of vif
Zong-Zhe Yang [Wed, 16 Aug 2023 08:21:31 +0000 (16:21 +0800)] 
wifi: rtw89: call rtw89_chan_get() by vif chanctx if aware of vif

We adjust these processes which can work accodrding to vif but call
rtw89_chan_get() with static RTW89_SUB_ENTITY_0. After multi-channel
support, chanctx of vif won't always be on RTW89_SUB_ENTITY_0. So,
we make them call rtw89_chan_get() with rtwvif->sub_entity_idx.

Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230816082133.57474-5-pkshih@realtek.com
2 years agowifi: rtw89: sar: let caller decide the center frequency to query
Zong-Zhe Yang [Wed, 16 Aug 2023 08:21:30 +0000 (16:21 +0800)] 
wifi: rtw89: sar: let caller decide the center frequency to query

If multiple channels, SAR will be hard to determine the center frequency
to query. Therefore, we move this decision out of SAR.

Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230816082133.57474-4-pkshih@realtek.com
2 years agowifi: rtw89: refine rtw89_correct_cck_chan() by rtw89_hw_to_nl80211_band()
Zong-Zhe Yang [Wed, 16 Aug 2023 08:21:29 +0000 (16:21 +0800)] 
wifi: rtw89: refine rtw89_correct_cck_chan() by rtw89_hw_to_nl80211_band()

In rtw89_correct_cck_chan(), we turn to use rtw89_hw_to_nl80211_band().
The difference between rtw89_hw_to_nl80211_band() and the original raw
judgement is the case on 6 GHz. Since rtw89_correct_cck_chan() is common
code independent on chip, if runtime chip doesn't support 6 GHz, it is
probably safe. Otherwise, it might not.

Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230816082133.57474-3-pkshih@realtek.com
2 years agowifi: rtw89: add function prototype for coex request duration
Zong-Zhe Yang [Wed, 16 Aug 2023 08:21:28 +0000 (16:21 +0800)] 
wifi: rtw89: add function prototype for coex request duration

The request duration comes from coex mechanism, indicating the
length of time that should be reserved for BT in each time division.
It is required to handle update notification when channel concurrency
processes. Since it will involve in both coex and wifi code flow, this
commit ahead adds the prototype for required function interfaces to
split the implementation of coex and wifi in the following.

The follow-up are expected be add afterwards.
1. coex mechanism call rtw89_core_ntfy_btc_event() once bt req len changes
2. channel concurrency flow updates related stuffs when notified

Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20230816082133.57474-2-pkshih@realtek.com
2 years agoFix nomenclature for USB and PCI wireless devices
Alan Stern [Wed, 9 Aug 2023 00:44:48 +0000 (20:44 -0400)] 
Fix nomenclature for USB and PCI wireless devices

A mouse that uses a USB connection is called a "USB mouse" device (or
"USB mouse" for short), not a "mouse USB" device.  By analogy, a WiFi
adapter that connects to the host computer via USB is a "USB wireless"
device, not a "wireless USB" device.  (The latter term more properly
refers to a defunct Wireless USB specification, which described a
technology for sending USB protocol messages over an ultra wideband
radio link.)

Similarly for a WiFi adapter card that plugs into a PCIe slot: It is a
"PCIe wireless" device, not a "wireless PCIe" device.

Rephrase the text in the kernel source where the word ordering is
wrong.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/57da7c80-0e48-41b5-8427-884a02648f55@rowland.harvard.edu
2 years agokunit: Fix checksum tests on big endian CPUs
Christophe Leroy [Wed, 23 Aug 2023 13:21:43 +0000 (15:21 +0200)] 
kunit: Fix checksum tests on big endian CPUs

On powerpc64le checksum kunit tests work:

[    2.011457][    T1]     KTAP version 1
[    2.011662][    T1]     # Subtest: checksum
[    2.011848][    T1]     1..3
[    2.034710][    T1]     ok 1 test_csum_fixed_random_inputs
[    2.079325][    T1]     ok 2 test_csum_all_carry_inputs
[    2.127102][    T1]     ok 3 test_csum_no_carry_inputs
[    2.127202][    T1] # checksum: pass:3 fail:0 skip:0 total:3
[    2.127533][    T1] # Totals: pass:3 fail:0 skip:0 total:3
[    2.127956][    T1] ok 1 checksum

But on powerpc64 and powerpc32 they fail:

[    1.859890][    T1]     KTAP version 1
[    1.860041][    T1]     # Subtest: checksum
[    1.860201][    T1]     1..3
[    1.861927][   T58]     # test_csum_fixed_random_inputs: ASSERTION FAILED at lib/checksum_kunit.c:243
[    1.861927][   T58]     Expected result == expec, but
[    1.861927][   T58]         result == 54991 (0xd6cf)
[    1.861927][   T58]         expec == 33316 (0x8224)
[    1.863742][    T1]     not ok 1 test_csum_fixed_random_inputs
[    1.864520][   T60]     # test_csum_all_carry_inputs: ASSERTION FAILED at lib/checksum_kunit.c:267
[    1.864520][   T60]     Expected result == expec, but
[    1.864520][   T60]         result == 255 (0xff)
[    1.864520][   T60]         expec == 65280 (0xff00)
[    1.868820][    T1]     not ok 2 test_csum_all_carry_inputs
[    1.869977][   T62]     # test_csum_no_carry_inputs: ASSERTION FAILED at lib/checksum_kunit.c:306
[    1.869977][   T62]     Expected result == expec, but
[    1.869977][   T62]         result == 64515 (0xfc03)
[    1.869977][   T62]         expec == 0 (0x0)
[    1.872060][    T1]     not ok 3 test_csum_no_carry_inputs
[    1.872102][    T1] # checksum: pass:0 fail:3 skip:0 total:3
[    1.872458][    T1] # Totals: pass:0 fail:3 skip:0 total:3
[    1.872791][    T1] not ok 3 checksum

This is because all expected values were calculated for X86 which
is little endian. On big endian systems all precalculated 16 bits
halves must be byte swapped.

And this is confirmed by a huge amount of sparse errors when building
with C=2

So fix all sparse errors and it will naturally work on all endianness.

Fixes: 688eb8191b47 ("x86/csum: Improve performance of `csum_partial`")
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
2 years agonet: fec: add statistics for XDP_TX
Wei Fang [Thu, 24 Aug 2023 06:11:50 +0000 (14:11 +0800)] 
net: fec: add statistics for XDP_TX

The FEC driver supports the statistics for XDP actions except for
XDP_TX before, because the XDP_TX was not supported when adding
the statistics for XDP. Now the FEC driver has supported XDP_TX
since commit f601899e4321 ("net: fec: add XDP_TX feature support").
So it's reasonable and necessary to add statistics for XDP_TX.

Signed-off-by: Wei Fang <wei.fang@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2 years agowifi: ath: Use is_multicast_ether_addr() to check multicast Ether address
Ruan Jinjie [Mon, 14 Aug 2023 12:42:11 +0000 (20:42 +0800)] 
wifi: ath: Use is_multicast_ether_addr() to check multicast Ether address

Use is_multicast_ether_addr() to perform the Checking.

Signed-off-by: Ruan Jinjie <ruanjinjie@huawei.com>
Reviewed-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230814124212.302738-2-ruanjinjie@huawei.com
2 years agowifi: ath12k: Remove unused declarations
Yue Haibing [Wed, 16 Aug 2023 13:05:50 +0000 (21:05 +0800)] 
wifi: ath12k: Remove unused declarations

Commit d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices")
declared but never implemented these, remove it.

Signed-off-by: Yue Haibing <yuehaibing@huawei.com>
Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230816130550.50896-1-yuehaibing@huawei.com
2 years agowifi: ath12k: add check max message length while scanning with extraie
Wen Gong [Wed, 9 Aug 2023 08:16:57 +0000 (04:16 -0400)] 
wifi: ath12k: add check max message length while scanning with extraie

Currently the extraie length is directly used to allocate skb buffer. When
the length of skb is greater than the max message length which firmware
supports, error will happen in firmware side.

Hence add check for the skb length and drop extraie when overflow and
print a message.

Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4

Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
Reviewed-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230809081657.13858-1-quic_wgong@quicinc.com
2 years agowifi: ath9k: use IS_ERR() with debugfs_create_dir()
Wang Ming [Thu, 13 Jul 2023 03:03:44 +0000 (11:03 +0800)] 
wifi: ath9k: use IS_ERR() with debugfs_create_dir()

The debugfs_create_dir() function returns error pointers,
it never returns NULL. Most incorrect error checks were fixed,
but the one in ath9k_htc_init_debug() was forgotten.

Fix the remaining error check.

Fixes: e5facc75fa91 ("ath9k_htc: Cleanup HTC debugfs")
Signed-off-by: Wang Ming <machel@vivo.com>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
Link: https://lore.kernel.org/r/20230713030358.12379-1-machel@vivo.com
2 years agoMerge branch 'txgbe-link-modes'
David S. Miller [Fri, 25 Aug 2023 06:43:20 +0000 (07:43 +0100)] 
Merge branch 'txgbe-link-modes'

Jiawen Wu says:

====================
support more link mode for TXGBE

There are three new interface mode support for Wangxun 10Gb NICs:
1000BASE-X, SGMII and XAUI.

Specific configurations are added to XPCS. And external PHY attaching
is added for copper NICs.

v2 -> v3:
- add device identifier read
- restrict pcs soft reset
- add firmware version warning

v1 -> v2:
- use the string "txgbe_pcs_mdio_bus" directly
- use dev_err() instead of pr_err()
- add device quirk flag
- add more macro definitions to explain PMA registers
- move txgbe_enable_sec_tx_path() to mac_finish()
- implement phylink for copper NICs
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2 years agonet: ngbe: move mdio access registers to libwx
Jiawen Wu [Wed, 23 Aug 2023 06:19:35 +0000 (14:19 +0800)] 
net: ngbe: move mdio access registers to libwx

Registers of mdio accessing are common defined in libwx, remove the
redundant macro definitions in ngbe driver.

Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2 years agonet: txgbe: support copper NIC with external PHY
Jiawen Wu [Wed, 23 Aug 2023 06:19:34 +0000 (14:19 +0800)] 
net: txgbe: support copper NIC with external PHY

Wangxun SP chip supports to connect with external PHY (marvell 88x3310),
which links to 10GBASE-T/1000BASE-T/100BASE-T. Add the identification of
media types from subsystem device IDs. For sp_media_copper, register mdio
bus for the external PHY.

Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2 years agonet: txgbe: support switching mode to 1000BASE-X and SGMII
Jiawen Wu [Wed, 23 Aug 2023 06:19:33 +0000 (14:19 +0800)] 
net: txgbe: support switching mode to 1000BASE-X and SGMII

Disable data path before PCS VR reset while switching PCS mode, to prevent
the blocking of data path. Enable AN interrupt for CL37 auto-negotiation.

Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2 years agonet: txgbe: add FW version warning
Jiawen Wu [Wed, 23 Aug 2023 06:19:32 +0000 (14:19 +0800)] 
net: txgbe: add FW version warning

Since XPCS device identifier is implemented in the firmware version
0x20010 and above, so add a warning to prompt the users to upgrade the
firmware to make sure the driver works.

Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2 years agonet: pcs: xpcs: adapt Wangxun NICs for SGMII mode
Jiawen Wu [Wed, 23 Aug 2023 06:19:31 +0000 (14:19 +0800)] 
net: pcs: xpcs: adapt Wangxun NICs for SGMII mode

Wangxun NICs support the connection with SFP to RJ45 module. In this case,
PCS need to be configured in SGMII mode.

According to chapter 6.11.1 "SGMII Auto-Negitiation" of DesignWare Cores
Ethernet PCS (version 3.20a) and custom design manual, do the following
configuration when the interface mode is SGMII.

1. program VR_MII_AN_CTRL bit(3) [TX_CONFIG] = 1b (PHY side SGMII)
2. program VR_MII_AN_CTRL bit(8) [MII_CTRL] = 1b (8-bit MII)
3. program VR_MII_DIG_CTRL1 bit(0) [PHY_MODE_CTRL] = 1b

Also CL37 AN in backplane configurations need to be enabled because of the
special hardware design. Another thing to note is that PMA needs to be
reconfigured before each CL37 AN configuration for SGMII, otherwise AN will
fail, although we don't know why.

On this device, CL37_ANSGM_STS (bit[4:1] of VR_MII_AN_INTR_STS) indicates
the status received from remote link during the auto-negotiation, and
self-clear after the auto-negotiation is complete.
Meanwhile, CL37_ANCMPLT_INTR will be set to 1, to indicate CL37 AN is
complete. So add another way to get the state for CL37 SGMII.

Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2 years agonet: pcs: xpcs: add 1000BASE-X AN interrupt support
Jiawen Wu [Wed, 23 Aug 2023 06:19:30 +0000 (14:19 +0800)] 
net: pcs: xpcs: add 1000BASE-X AN interrupt support

Enable CL37 AN complete interrupt for DW XPCS. It requires to clear the
bit(0) [CL37_ANCMPLT_INTR] of VR_MII_AN_INTR_STS after AN completed.

And there is a quirk for Wangxun devices to enable CL37 AN in backplane
configurations because of the special hardware design.

Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>